Skip to main content

Problems updating cPGreyList Common Mail Providers

Comments

11 comments

  • rpvw
    Over the past month, I have seen so many problems with the Keyring servers not validating the services they are designed to protect, I ended up disabling the Signature validation in Tweak Settings. I could see no pattern to the keyring server signature failures, it just looked like someone had forgotten to update them, as they all seemed to sort themselves out if one waited long enough (up to a week in one instance). Either there is something seriously wrong with the keyring server synchronization, or whoever is in charge of them is not paying due care and attention (sorry guys - it's just the way it appears to be from my viewpoint)
    0
  • Spork Schivago
    Over the past month, I have seen so many problems with the Keyring servers not validating the services they are designed to protect, I ended up disabling the Signature validation in Tweak Settings. I could see no pattern to the keyring server signature failures, it just looked like someone had forgotten to update them, as they all seemed to sort themselves out if one waited long enough (up to a week in one instance). Either there is something seriously wrong with the keyring server synchronization, or whoever is in charge of them is not paying due care and attention (sorry guys - it's just the way it appears to be from my viewpoint)

    Thank you for the reply. If this is in fact the case, it's a bit of a relief in a way, because it'd suggest there's no break-ins or anything on my server. It'd be nice to see the issue fixed, if that's what's happening here. It'd also be nice if there was away to test to see if that's the problem or not, so in the future, we know for certain what's going on. I just wanted to make sure it wasn't like some man-in-the-middle attack or something weird like that, you know?
    0
  • rpvw
    We saw a number of similar keyring issues at Signature Roll Back Failed
    0
  • Spork Schivago
    We saw a number of similar keyring issues at Signature Roll Back Failed

    Thank you rpvw! It seems cPanel has been dealing with this issue for a bit of time now and still might not have the problem fixed. At least they'll know that other people are still experiencing this problem and that it doesn't appeared to be fixed yet. Thanks!
    0
  • rpvw
    I absolutely agree with you that we need this issue sorting out. If we have security related features, we need to have confidence in them working and not have to start from the position that the failure report is probably another false positive. Security feature failures of this nature do more harm than good as users either switch them off (guilty), or ignore them because they have been desensitized by seeing all the false positives. I am always predisposed to want to believe that the cPanel team have got this right, and are being let down by third party software/hardware - nevertheless, if it isn't going to work in its current format, let's look for some alternative solution o_O
    0
  • Spork Schivago
    I absolutely agree with you that we need this issue sorting out. If we have security related features, we need to have confidence in them working and not have to start from the position that the failure report is probably another false positive. Security feature failures of this nature do more harm than good as users either switch them off (guilty), or ignore them because they have been desensitized by seeing all the false positives. I am always predisposed to want to believe that the cPanel team have got this right, and are being let down by third party software/hardware - nevertheless, if it isn't going to work in its current format, let's look for some alternative solution o_O

    I'm guilty for the second option there and usually start assuming they're false positives. Right now would be the perfect time for someone to try and actually take advantage of some sort of exploit they discovered with the signatures. I don't know if a man-in-the-middle attack is a possibility, but I'd imagine there's some sort of vulnerability these signatures prevent. If someone was trying to take advantage of one of those vulnerabilities, we might not know. It might just be chalked up to this known issue and someone might be told to ignore it because it's being worked on. For me, I think I'm semi-okay. I ask, okay, what isn't happening? Something with the cPGreyList common mail providers isn't getting updated properly. I think that's okay for my server. I have greylisting turned off. I believe one of my add-on programs (like ldf or csf) handle this and instructed me to turn it off because of conflicts. If the error message was for some other updates, I'd be worrying a lot more.
    0
  • Spork Schivago
    I believe this problem is now fixed. I got an upgrade to 11.56.0.25 last night (or early this morning) and it seems like I'm no longer receiving the error message.
    0
  • Spork Schivago
    Sorry, I was wrong. The problem still exists.
    0
  • rpvw
    I confirm that the update Common Mail Providers worked for one day without error, but has now reverted to the Invalid signature error. I have tried using the 'Release Keyring Only' AND the 'Release and Development Keyrings' - BOTH trigger the Invalid signature error.
    0
  • cPanelMichael
    I confirm that the update Common Mail Providers worked for one day without error, but has now reverted to the Invalid signature error. I have tried using the 'Release Keyring Only' AND the 'Release and Development Keyrings' - BOTH trigger the Invalid signature error.

    Hello, I'm unable to reproduce this issue on a test server. Could you open a support ticket using the link in my signature if the issue persists? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • cPanelMichael
    Hello @rpvw, I've not seen additional feedback to this thread or reference to a support ticket. I'm marking the thread as resolved, however feel free to let us know of any additional issues. Thank you.
    0

Please sign in to leave a comment.